Release Swift Package #109
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Release Swift Package | |
| on: | |
| workflow_call: | |
| inputs: | |
| build-run-id: | |
| description: "Workflow Run ID to use for artifact download. If not provided the latest build from the selected branch will be used." | |
| type: string | |
| required: false | |
| pre-release: | |
| description: "Create a pre-release" | |
| type: boolean | |
| required: false | |
| default: false | |
| workflow_dispatch: | |
| inputs: | |
| build-run-id: | |
| description: "Workflow Run ID to use for artifact download. If not provided the latest build from the selected branch will be used." | |
| type: string | |
| required: false | |
| pre-release: | |
| description: "Create a pre-release" | |
| type: boolean | |
| required: false | |
| default: false | |
| env: | |
| _KEY_VAULT: "bitwarden-ci" | |
| jobs: | |
| validate: | |
| name: Set Version and SHA | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| version: ${{ steps.version.outputs.version }} | |
| sha: ${{ steps.set-sha.outputs.sha }} | |
| short_sha: ${{ steps.set-sha.outputs.short_sha }} | |
| release_name: ${{ steps.set-release-name.outputs.release_name }} | |
| run_id: ${{ steps.get-run-id.outputs.build-run-id }} | |
| swift_checksum: ${{ steps.calculate-swift-checksum.outputs.checksum }} | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
| - name: Get version | |
| id: version | |
| run: | | |
| VERSION=$(grep -o '^version = ".*"' Cargo.toml | grep -Eo "[0-9]+\.[0-9]+\.[0-9]+") | |
| echo "version=$VERSION" >> $GITHUB_OUTPUT | |
| - name: Get run id | |
| id: get-run-id | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| OWNER: ${{ github.repository_owner }} | |
| REPO: ${{ github.event.repository.name }} | |
| run: | | |
| if [ -z ${{ inputs.build-run-id }} ]; then | |
| BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}} | |
| RUN_ID=$(gh api \ | |
| -H "Accept: application/vnd.github+json" \ | |
| -H "X-GitHub-Api-Version: 2022-11-28" \ | |
| /repos/$OWNER/$REPO/actions/workflows/build-swift.yml/runs \ | |
| | jq -r "[.workflow_runs[] | select(.head_branch == \"$BRANCH\").id ] | first") | |
| else | |
| RUN_ID=${{ inputs.build-run-id }} | |
| fi | |
| echo "build-run-id=$RUN_ID" >> $GITHUB_OUTPUT | |
| - name: Download BitwardenEFI artifact | |
| uses: bitwarden/gh-actions/download-artifacts@main | |
| id: download-artifact | |
| with: | |
| workflow: build-swift.yml | |
| workflow_conclusion: success | |
| skip_unpack: true | |
| run_id: ${{ steps.get-run-id.outputs.build-run-id }} | |
| - name: Set SHA | |
| id: set-sha | |
| run: | | |
| echo "sha=${{ steps.download-artifact.outputs.artifact-build-commit }}" >> $GITHUB_OUTPUT | |
| echo "short_sha=$(echo ${{ steps.download-artifact.outputs.artifact-build-commit }} | cut -c1-7)" >> $GITHUB_OUTPUT | |
| - name: Set release name | |
| id: set-release-name | |
| run: | | |
| if [[ ${{ inputs.pre-release }} == true ]]; then | |
| echo "release_name=${{ steps.version.outputs.version }}-unstable-${{ steps.set-sha.outputs.short_sha }}" >> $GITHUB_OUTPUT | |
| else | |
| echo "release_name=${{ steps.version.outputs.version }}" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Calculate swift file checksum | |
| id: calculate-swift-checksum | |
| run: | | |
| CHECKSUM=$(swift package compute-checksum BitwardenFFI-${{ steps.version.outputs.version }}-${{ steps.set-sha.outputs.short_sha }}.xcframework.zip) | |
| echo "checksum=$CHECKSUM" >> $GITHUB_OUTPUT | |
| repo-sync: | |
| name: Push changed files to SDK Swift repo | |
| runs-on: ubuntu-22.04 | |
| needs: validate | |
| env: | |
| _BOT_EMAIL: [email protected] | |
| _BOT_NAME: bitwarden-devops-bot | |
| _PKG_VERSION: ${{ needs.validate.outputs.version }} | |
| _PRE_RELEASE: ${{ inputs.pre-release }} | |
| _RELEASE_NAME: ${{ needs.validate.outputs.release_name }} | |
| _SWIFT_CHECKSUM: ${{ needs.validate.outputs.swift_checksum }} | |
| _BUILD_RUN_ID: ${{ needs.validate.outputs.run_id }} | |
| steps: | |
| - name: Checkout SDK repo | |
| uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
| with: | |
| path: sdk | |
| - name: Get ref from SDK repo | |
| id: get-ref | |
| run: | | |
| if [[ $_PRE_RELEASE == true ]]; then | |
| echo "ref=unstable" >> $GITHUB_OUTPUT | |
| else | |
| echo "ref=main" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Login to Azure - Prod Subscription | |
| uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 | |
| with: | |
| creds: ${{ secrets.AZURE_CI_SERVICE_PRINCIPAL }} | |
| - name: Retrieve secrets | |
| id: retrieve-secrets | |
| uses: bitwarden/gh-actions/get-keyvault-secrets@main | |
| with: | |
| keyvault: "bitwarden-ci" | |
| secrets: "github-gpg-private-key, | |
| github-gpg-private-key-passphrase, | |
| github-pat-bitwarden-devops-bot-repo-scope" | |
| - name: Checkout SDK-Swift repo | |
| uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 | |
| with: | |
| repository: bitwarden/sdk-swift | |
| path: sdk-swift | |
| ref: ${{ steps.get-ref.outputs.ref }} | |
| token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }} | |
| - name: Import GPG key | |
| uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0 | |
| with: | |
| gpg_private_key: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key }} | |
| passphrase: ${{ steps.retrieve-secrets.outputs.github-gpg-private-key-passphrase }} | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| workdir: sdk-swift | |
| - name: Setup Git | |
| working-directory: sdk-swift | |
| run: | | |
| git config --local user.email "${{ env._BOT_EMAIL }}" | |
| git config --local user.name "${{ env._BOT_NAME }}" | |
| - name: Download BitwardenSdk sources artifact | |
| uses: bitwarden/gh-actions/download-artifacts@main | |
| id: download-artifact | |
| with: | |
| workflow: build-swift.yml | |
| workflow_conclusion: success | |
| artifacts: "BitwardenSdk-${{ env._PKG_VERSION }}-${{ needs.validate.outputs.short_sha }}-sources" | |
| run_id: ${{ env._BUILD_RUN_ID }} | |
| path: sdk/languages/swift/Sources/BitwardenSdk | |
| - name: Install Swift formatter | |
| run: | | |
| git clone https://github.com/nicklockwood/SwiftFormat | |
| cd SwiftFormat | |
| swift build -c release | |
| cp -f .build/release/swiftformat /usr/local/bin/swiftformat | |
| - name: Update files | |
| run: | | |
| # Update BitwardenFFI path | |
| sed -i 's|.binaryTarget(name: "BitwardenFFI", path: "BitwardenFFI.xcframework")|.binaryTarget(\ | |
| name: "BitwardenFFI",\ | |
| url: "https://github.com/bitwarden/sdk-swift/releases/download/v${{ env._RELEASE_NAME }}/BitwardenFFI-${{ env._PKG_VERSION }}-${{ needs.validate.outputs.short_sha }}.xcframework.zip",\ | |
| checksum: "${{ env._SWIFT_CHECKSUM }}" )|' sdk/languages/swift/Package.swift | |
| # Run swiftformat | |
| swiftformat sdk/languages/swift/Package.swift | |
| find sdk/languages/swift/Sources/ -name ".gitignore" -exec rm -f {} \; | |
| rm -rf sdk-swift/Sources | |
| rm -rf sdk-swift/Tests | |
| # Copy files to local sdk-swift repo path | |
| cp --verbose -rf sdk/languages/swift/README.md sdk-swift/README.md | |
| cp --verbose -rf sdk/languages/swift/Package.swift sdk-swift/Package.swift | |
| cp --verbose -rf sdk/languages/swift/Sources sdk-swift | |
| cp --verbose -rf sdk/languages/swift/Tests sdk-swift | |
| - name: Push changes | |
| working-directory: sdk-swift | |
| run: | | |
| git add . | |
| git commit -m "Update Swift SDK to ${{ needs.validate.outputs.sha }}" | |
| git push origin ${{ steps.get-ref.outputs.ref }} | |
| - name: Create release tag on SDK Swift repo | |
| working-directory: sdk-swift | |
| run: | | |
| git tag v${{ env._RELEASE_NAME }} | |
| git push origin v${{ env._RELEASE_NAME }} | |
| github-release: | |
| name: GitHub Release | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - validate | |
| - repo-sync | |
| env: | |
| _PKG_VERSION: ${{ needs.validate.outputs.version }} | |
| _RELEASE_NAME: ${{ needs.validate.outputs.release_name }} | |
| _BUILD_RUN_ID: ${{ needs.validate.outputs.run_id }} | |
| steps: | |
| - name: Login to Azure - Prod Subscription | |
| uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0 | |
| with: | |
| creds: ${{ secrets.AZURE_CI_SERVICE_PRINCIPAL }} | |
| - name: Retrieve secrets | |
| id: retrieve-secrets | |
| uses: bitwarden/gh-actions/get-keyvault-secrets@main | |
| with: | |
| keyvault: ${{ env._KEY_VAULT }} | |
| secrets: "github-pat-bitwarden-devops-bot-repo-scope" | |
| - name: Download BitwardenEFI artifact | |
| uses: bitwarden/gh-actions/download-artifacts@main | |
| id: download-artifact | |
| with: | |
| workflow: build-swift.yml | |
| workflow_conclusion: success | |
| artifacts: "BitwardenFFI-${{ env._PKG_VERSION }}-${{ needs.validate.outputs.short_sha }}.xcframework" | |
| run_id: ${{ env._BUILD_RUN_ID }} | |
| skip_unpack: true | |
| - name: Create release | |
| uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 | |
| with: | |
| tag: v${{ env._RELEASE_NAME }} | |
| name: v${{ env._RELEASE_NAME }} | |
| body: "" | |
| token: ${{ steps.retrieve-secrets.outputs.github-pat-bitwarden-devops-bot-repo-scope }} | |
| draft: false | |
| repo: sdk-swift | |
| owner: bitwarden | |
| artifacts: "BitwardenFFI-${{ env._PKG_VERSION }}-${{ needs.validate.outputs.short_sha }}.xcframework.zip" | |
| prerelease: ${{ inputs.pre-release }} |